On Mon, Aug 18, 2008 at 7:17 AM, David Collier-Brown <davecb@sun.com> wrote:> Peter Dolding wrote:>>>> Currently if we have a unknown infection on a windows partition that>> is been shared by linux the scanner on Linux cannot see that the>> windows permissions has been screwed with. OS with badly damaged>> permissions is a sign of 1 of three things. ...>> It's more likely that the files will reside on Linux/Unix under> Samba, and so the permissions that Samba implements will be the ones> that the virus is trying to mess up. These are implemented in> terms of the usual permission bits, plus extended attributes/ACLs.> Linux systems mounting Windows filesystems are somewhat unusual (;-))>More desktop use of Linux more cases of ntfs and fat mounted underLinux. Funny enough linux mounting windows file systems is 100percent normal for most Ubuntu users so there are a lot of them outthere doing it. I am future looking there are other filesystemscoming with there own issues as well.

Same issue with samba no common store for extra permissions exist soon file systems that don't support there permissions storage it goesback into there tdb storage.

Basically scanning everything to detect issues currently nicelycomplex. We have a huge permissions mess. Some permissions areprocessed by the file system drivers. Some are processed by vfs thenothers processed and stored by individual applications. So no wherein Linux can you see all the permissions being applied to a singlefile to be sure there is not a secuirty risk somewhere. Samba orequal allowing access to remove a virus signature from the black listor added something that should not be allowed to the white list wouldbe major problems.

Posix has not helped US here at all. No where in posix does itprovide anything to clean up this mess. Does solarias have a solutionI know BSD and Linux does not. I think all posix OS's have a mess inthis section.